Switches, Hubs, and Modems
1748006 Members
4263 Online
108757 Solutions
New Discussion юеВ

Re: 8212zl IP Routing setup

 
SOLVED
Go to solution
Ron Havlen
Advisor

Re: 8212zl IP Routing setup

Pieter, I'm hoping you can help me figure out a related issue in my 8212zl IP routing setup.
Ignore for the moment most of what we talked about with my multinetted default_vlan.

Due to some medical equipment coming in, they required a Layer 3 switch in the mix, which is why I needed to turn IP routing on in the 8212. I had started out trying with my multinet.
However, now with the medical equipment here, we just can't seem to get things to work.
These devices are on thier own vlans. We setup Vlan 26 with an IP address of 192.168.27.1, and Vlan 27 with an IP address of 192.168.28.1. (should have matched up I know, too late when I thought of it)

My assumption was that by having the IP address on the vlan on the 8212, this was then the default gateway for that vlan. Working on Vlan 27, we have a device on a wired port attached to one of my 2910al units. The port on the 2910 directly connected to the device is untagged in vlan 27, and the fiber connection between my 2910 and 8212 is tagged for vlan 27. Note this vlan and ip addressing does not, or should not, touch my sonicwall.
We also have several wireless devices that have to connect to this vlan. So, I have vlan 27 in my msm765 controller, tagged. And also have vlan 27 tagged to the ports on the 2910 that have the msm422 access points attached. The vsc for the controller is set to egress to vlan 27, so that traffic on the wireless that attaches to the correct ssid just drops onto vlan 27.
Our problem is, that we can't seem to ping the devices almost at all. We can occasionally ping the device wired to the untagged port on the 2910, from the 8212. We usually cannot ping from the msm765, and cannot usually ping from another device on the same vlan in the wireless setup. All the devices are static ip addresses.
However, occsionally I can ping from the 8212 to one of the wireless devices, then loose it quickly. The tech with the medical equipment has his laptop here, also with a static ip address for the ssid on vlan 27, and occasionally I can ping him, again from the 8212. I cannot usually ping from the msm765, though it has been successful a couple of times. The laptop is windows, the devices are linux based I believe. I tried puting another address on the vlan in the 2910al (which it turns out can support some ip routing) but that didn't help.

Today I tried using my PCM to trace a route, and it can't seem to find my gateway of 192.168.28.1

Anyway, any ideas, or any other information you need so you can tell me what I am doing wrong?
Thanks.
Pieter 't Hart
Honored Contributor

Re: 8212zl IP Routing setup

>>> We setup Vlan 26 with an IP address of 192.168.27.1, and Vlan 27 with an IP address of 192.168.28.1. <<<
On the 8212 I assume?
If yes then the 8212 (with "ip routing") is sufficiently setup to route between the vlans.
The clients in vlan-26 (the 192.168.27.0 network) need to have the 192.168.27.1 configured as default gateway.
evenso for vlan27 -> gw:192.168.28.1

>>> The port on the 2910 directly connected to the device is untagged in vlan 27<<
sounds OK.
>>> and the fiber connection between my 2910 and 8212 is tagged for vlan 27. <<<
also good, but check if this is done both on the 8212 and on the 2910 side of the link?
Maybe you also want to configure the same link tagged for vlan 26 ?

>>>Note this vlan and ip addressing does not, or should not, touch my sonicwall.<<<
This will not be totally avoidable.
If a client adresses an adress outside your local subnets, the switch will redirect it using the default route (ip route 0.0.0.0 ....), wich leads to the sonicwall. As this doesn't know about these nets, it should drop this traffic, bot it DOES reach the sonicwall.


About the MSM785's
I've no experience with the MSM's but compare this to the Cisco WLC (wich i do know).

With cisco the AP's connect to the WLC over a management (v)lan
=> configure the switch-ports of the AP's as untagged in this vlan.
The access-point sets op a sort of "tunnel" over this management vlan to the WLC. The WLC then drops the packets on a data-vlan.
So your vlan between AP and controller is a different one than from controller to destination-hosts.

I need to look deeper into msm doc's to give better advice.

try these doc's
http://h10144.www1.hp.com/docs/myprocurve/MSMDesignGuide_May_09_WW_Eng_ltr.pdf
http://h10144.www1.hp.com/docs/myprocurve/MSMImplementationGuide_May_09_WW_Eng_ltr.pdf
Ron Havlen
Advisor

Re: 8212zl IP Routing setup

Pieter, thank you. You confirmed that my setup of the vlans appeared correct, so I switched my focus to the VSC on the service controller. That was the ticket. I threw a few rocks at it, adjusting some settings I didn't think I needed, and then everything came to life. The two vlans are properly routing between each other, and now that I have the VSC correct, it routes across the wireless correctly too.

As a last test of the concepts, I put a printer on my older default_vlan of 199.199.x.x with the address of 199.199.199.3. However, I put the gateway of the printer as 199.199.190.100, the IP address of this range on the 8212. Then I connected wirelessly in this same subnet with that gateway and setup the printer on the laptop, and it worked correctly.

Then I switched the laptop to an ip address in the vlan 27 range, 192.168.28.35, with the gateway of 192.168.28.1.

With this setup on my laptop, and the setup on the printer, I was able to access and print to the printer, showing the routing enabled correctly from the 192.168.28.x subnet to the 199.199.x.x subnet.

So proof of the concept as you described. Excellent.

Now I need to ask if we can think outside the box.

As you've observed from previous notes, my original ip ranges were 199.199.x.x with a gateway of 199.199.199.254 (sonicwall) and 172.29.x.x with a gateway of 172.29.199.254 (sonicwall).

What I need to find a way to do, is to be able to route between the 8212 and the sonicwall in such a way that the devices on the network can still route across from one subnet to the other while I am in the process of trying to change them.

For example, let's say I have a printer on 172.29.196.25 with a gateway of 172.29.199.254. And I have a computer on 199.199.0.138 with a gateway of 199.199.199.254.
Currently, print commands from the computer get routed through the sonicwall.

What I need to find a way to do, is to let's say change the gateway of the printer (172.19.196.25) to 172.29.190.100(8212). Yet I can't change the gateway of the computer (199.199.0.138) from the current gateway of the sonicwall yet.

Is there any way that I can get the 8212 and/or sonicwall to see this traffic and route it back to the correct location? At this point, the traffic from the computer would travel to the sonicwall. The sonicwall might know the ip range of the printer, but it doesn't know how to get to the printers new gateway.

Hope that made sense.

Thank you very much for all your help. I think the ratings here are a bit skewed, you deserve a lot higher rank than wizard.